x0rz @x0rz@mastodon.social
Security Researcher & Cyber Observer (pgp: 0xdd1190a656721c4a) ㊙
Joined Apr 2017
Pinned toot
Tweets are automatically forwarded from https://twitter.com/x0rz
Going on a long vacation, don't expect much activity from me for a couple of weeks. Peace ✌️
This is gold 👌😂😭 @SwiftOnSecurity https://t.co/CVaGLGlEdO
For those wondering, IANAL but Valve is required by law to show up this legal notice (at least if they want to sell in France)
Steam is showing a special legal notice for FR viewers only. Valve Corporation has been sanctioned by the Finance Ministry for multiple breach of the French Consumer Code https://t.co/CS0D5iLNNn
They even made a tool to audit GitHub repositories against the Mozilla's Guidelines for Sensitive Repositories https://github.com/mozilla-services/GitHub-Audit 👍
Good to see @mozilla pushing for more hygiene into development processes (2FA for all developers, commits to be GPG signed, least privilege, ...) https://blog.mozilla.org/security/2018/09/11/protecting-mozillas-github-repositories-from-malicious-modification/
Just booked my @hack_lu ticket! See you guys there in a few weeks :)
Beware of Chrome 69, it will log into your Google account "silently" https://news.ycombinator.com/item?id=17942252 https://t.co/O5nRSv04oE
This is why TLS/SSL is important, too (who would have thought? eh)
RCE in apk, the default package manager for Alpine Linux https://justi.cz/security/2018/09/13/alpine-apk-rce.html #vulnerability https://t.co/PK3MNUERCr
New rule: you can begin to worry about APT the day a simple nessus scan gives 0 results on your network. Until then, keep patching and keep calm.
MFW you fear about APTs but can't even apply basic infosec hygiene 🤦♂️ https://www.wsj.com/articles/before-it-was-hacked-equifax-had-a-different-fear-chinese-spying-1536768305
Here is a good example of polyglot files being used to bypass security policies https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs cc @angealbertini
Just realized I reached 1k followers here on @Mastodon, cool I guess 
Dites @Hexatrust, c'est bien beau de vouloir promouvoir la "cybersécurité", encore faut-il pouvoir appliquer ces bonnes pratiques envers soi-même 😘 #privacy #letsencrypt https://t.co/oCneGoT8EC
Good to see Apple pushing more privacy & security features into iOS and macOS 👍 https://techcrunch.com/2018/09/11/the-best-security-and-privacy-features-in-ios-12-and-macos-mojave/ #Apple #privacy
(FR) Voici le résultat de l'étude sur les salaires bruts pratiqués dans la SSI.
Merci à Alice (qui se reconnaîtra) pour l'infographie et à tous les participants! 😉
Données: https://docs.google.com/spreadsheets/d/1_-4gt59M6ww_lQBa5fV1tfvMVXlscvs4Ie1b5tRGNpo/edit?usp=sharing #biguppouralice #salaires #benchmark https://t.co/QSDLVOldjx
This is why Amazon is becoming cancer https://www.recode.net/2018/9/10/17797720/amazon-is-stuffing-its-search-results-pages-with-ads #ads #amazon 🤮
Twitter still blacklisting 0day[.]rocks 😡
Come on, learn how to deal with bogus threat intel sources @TwitterSecurity ffs, it's been weeks, submitted several tickets and *nothing* https://t.co/UfMRzpaWLl
Security Researcher & Cyber Observer (pgp: 0xdd1190a656721c4a) ㊙
Joined Apr 2017
